package com.example.oauth2server.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

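/**
 * Demo resource endpoints under {@code /resource}, each guarded by an OAuth2 scope check.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code @PreAuthorize} is evaluated only when pre/post method security is enabled, and the
 *       {@code #oauth2} expression variable exists only when the OAuth2 method-security
 *       expression handler is registered. Neither is visible in this file, so confirm both in
 *       the security configuration; otherwise the scope checks below are not applied as
 *       intended.</li>
 *   <li>Neither mapping pins an HTTP method, so each handler answers every verb. Restricting
 *       the verbs (read-only verb for the read handler, a non-safe verb for the write handler)
 *       would narrow the exposed surface, but is left to the owner because it changes what
 *       existing clients may send.</li>
 * </ul>
 */
@RestController
@RequestMapping("/resource")
public class ResourceController {

    /**
     * Read access: requires the {@code read} scope on the presented token.
     *
     * @param id resource identifier taken from the URL path; caller-controlled and echoed
     *           back unmodified, so it must be encoded if this response is ever rendered as HTML
     * @return the marker {@code read-success:} followed by {@code id}
     */
    @PreAuthorize("#oauth2.hasScope('read')")
    @RequestMapping("getResource/{id}")
    public String getResource(@PathVariable final String id) {
        // Previously answered "write-success:", the same marker as setResource, so the body
        // could not show which handler (and therefore which scope rule) served the request.
        return "read-success:" + id;
    }

    /**
     * Write access: requires both the {@code read} and the {@code write} scope; a token
     * carrying only {@code write} is rejected by the expression.
     *
     * @param id resource identifier taken from the URL path; caller-controlled and echoed
     *           back unmodified, so it must be encoded if this response is ever rendered as HTML
     * @return the marker {@code write-success:} followed by {@code id}
     */
    @PreAuthorize("#oauth2.hasScope('read') and #oauth2.hasScope('write')")
    @RequestMapping("setResource/{id}")
    public String setResource(@PathVariable final String id) {
        return "write-success:" + id;
    }

}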
